CN115459964A - Data security processing method and device - Google Patents

Info

Publication number
CN115459964A
Authority
CN
China
Prior art keywords
data
application
authorized
processed data
receiving
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211010532.4A
Other languages
Chinese (zh)
Inventor
古竹
谭振华
何明瑶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Skyguard Network Security Technology Co ltd
Chengdu Sky Guard Network Security Technology Co ltd
Original Assignee
Beijing Skyguard Network Security Technology Co ltd
Chengdu Sky Guard Network Security Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Skyguard Network Security Technology Co ltd, Chengdu Sky Guard Network Security Technology Co ltd
Priority to CN202211010532.4A
Publication of CN115459964A

Classifications

    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 - Network architectures or network communication protocols for network security
    • H04L63/04 - Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 - Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06F - ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 - Arrangements for program control, e.g. control units
    • G06F9/06 - Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 - Multiprogramming arrangements
    • G06F9/54 - Interprogram communication
    • G06F9/543 - User-generated data transfer, e.g. clipboards, dynamic data exchange [DDE], object linking and embedding [OLE]

Abstract

The invention discloses a data security processing method and device, and relates to the technical field of data security. One embodiment of the method comprises: receiving a copy or transfer operation for data in an authorized first application; serializing and encrypting the data; and providing the processed data to an application of a receiving party, so that, when the application of the receiving party is an authorized second application, the second application decrypts and deserializes the processed data, and, when the application of the receiving party is an unauthorized application, the unauthorized application obtains the processed data. In this embodiment an unauthorized application obtains only encrypted data, so the security of data copied from an application is effectively improved.

Description

Data security processing method and device
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a data security processing method and apparatus.
Background
At present, when transmitting information over the internet, a user often copies or transfers data from one application to another application, and then transmits or stores the data through that other application. As a result, even after the transmission paths of one application have been restricted, the user can still compromise the security of the data by copying the application's data into another application and transmitting it from there.
Disclosure of Invention
In view of this, embodiments of the present invention provide a data security processing method and apparatus in which an unauthorized application obtains only encrypted data, so as to effectively improve the security of data copied from an application.
In order to achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a data security processing method, including:
receiving a copy or transfer operation for data in an authorized first application;
serializing and encrypting the data;
and providing the processed data to an application of a receiving party, so that the second application decrypts and deserializes the processed data when the application of the receiving party is an authorized second application, and the unauthorized application obtains the processed data when the application of the receiving party is an unauthorized application.
Optionally, the data security processing method further includes: when a copy operation for data in an authorized first application is received, copying the processed data to the clipboard of the operating system;
providing the processed data to the application of the receiving party then comprises: when the application of the receiving party receives a paste operation, obtaining the processed data from the clipboard of the operating system and providing the processed data to the application of the receiving party.
Optionally, the data security processing method further includes:
according to a preset configuration policy, constructing and caching, for one or more applications, a proxy class and an interface for calling the proxy class, so that the cached proxy class is called through the interface for a copy operation or a transfer operation on data, wherein the proxy class comprises a serialization method and an encryption method, and an application that caches the proxy class and the interface for calling the proxy class is the authorized first application;
serializing and encrypting the data then comprises: serializing the data through the serialization method included in the proxy class, and encrypting the serialized data through the encryption method.
Optionally, the proxy class further includes a decryption method corresponding to the encryption method and a deserialization method corresponding to the serialization method, and an application that caches the proxy class and the interface for calling the proxy class is the authorized second application;
the decryption and deserialization of the processed data by the second application comprises:
calling the decryption method and the deserialization method in sequence to decrypt and deserialize the processed data.
Optionally, the data security processing method further includes: setting a label on the fields in the processed data that are involved in the serialization and encryption processing;
the decryption and deserialization of the processed data by the second application comprises: the second application identifies the fields containing labels in the processed data, and decrypts and deserializes the identified fields.
Optionally, the data security processing method further includes: configuring a data management policy in the proxy class, wherein the data management policy indicates the data characteristics that need to be serialized;
when a copy or transfer operation for data in an authorized first application is received, judging whether part or all of the data satisfies the data characteristics that the data management policy indicates need to be serialized; if so, serializing and encrypting the data that satisfies the data characteristics; otherwise, providing the data directly to the application of the receiving party.
Optionally, the operating system is an Android system.
In a second aspect, an embodiment of the present invention provides a data security processing apparatus comprising a receiving unit, a processing unit, and a providing unit, wherein,
the receiving unit is used for receiving a copying or transmission operation aiming at data in an authorized first application;
the processing unit is used for carrying out serialization and encryption processing on the data;
the providing unit is configured to provide the processed data to an application of a receiving party, so that the second application decrypts and deserializes the processed data when the application of the receiving party is an authorized second application, and the unauthorized application obtains the processed data when the application of the receiving party is an unauthorized application.
One embodiment of the above invention has the following advantages or benefits: after a copy or transfer operation for data in an authorized first application is received, the data is serialized and encrypted to ensure its security. When the processed data is subsequently provided to the application of the receiving party, an authorized second application can decrypt and deserialize it to display the normal data, whereas an unauthorized application obtains the processed data, that is, the encrypted and serialized data. Trusted applications can thus be authorized so that they can copy or transfer data among themselves, while untrusted applications cannot obtain data from the trusted applications, which effectively improves the security of copying or transferring application data.
Further effects of the above optional implementations will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of an application scenario according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of another application scenario according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the main flow of a data security processing method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a main flow of another data security processing method according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a main flow of data replication between different applications according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a main flow of data transmission between different applications according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of the main elements of a data security processing apparatus according to an embodiment of the present invention;
FIG. 8 is a schematic block diagram of a computer system suitable for use in implementing a terminal device of an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 and fig. 2 respectively illustrate an application scenario in which the following embodiments of the present invention may be applied.
As shown in fig. 1, application A and application B in terminal device 101 communicate with each other: specifically, a user copies information from application A in terminal device 101, pastes the copied information into application B, and transmits the pasted information through application B, via network 102, to application C in terminal device 103. Network 102 is the medium used to provide a communication link between terminal device 101 and terminal device 103. Network 102 may include various connection types, such as wired or wireless communication links, or fiber optic cables, to name a few.
Further, the server 104 can communicate with terminal device 101 and terminal device 103 through network 102. The data security processing apparatus is installed for specific applications in terminal device 101 and/or terminal device 103, so that an application in which the data security processing apparatus is embedded can serialize and encrypt copied information or information to be transmitted, and can decrypt and deserialize received serialized and encrypted data to restore the data.
For example, the server 104 installs the data security processing apparatus for application A and application B in terminal device 101, and does not install it for application C in terminal device 103. Correspondingly, after receiving the user's copy operation on information it contains, application A in terminal device 101 serializes and encrypts the copied information and stores the serialized and encrypted information in the clipboard of the operating system. After receiving a paste operation, application B in terminal device 101 reads the serialized and encrypted information from the clipboard of the operating system, decrypts and deserializes the read information, and displays the obtained original information in application B. After receiving the user's send operation on the information in application B, application B serializes and encrypts the information to be sent and transmits the serialized and encrypted information to application C in terminal device 103; application C displays the serialized and encrypted information but cannot display the original information.
As shown in fig. 2, the user transmits information of application D in terminal device 105 to application E in terminal device 107 via network 106. Network 106 is the medium used to provide a communication link between terminal device 105 and terminal device 107. Network 106 may include various connection types, such as wired or wireless communication links, or fiber optic cables, among others.
Further, the server 104 can communicate with terminal device 105 and terminal device 107 through the network 102. The data security processing apparatus is installed for specific applications in terminal device 105 and/or terminal device 107, so that an application in which the data security processing apparatus is embedded can serialize and encrypt copied information or information to be transmitted, and can decrypt and deserialize received serialized and encrypted data to restore the data.
For example, the server 104 installs the data security processing apparatus for application D in terminal device 105 and for application E in terminal device 107. Accordingly, after receiving the user's send operation on information it contains, application D in terminal device 105 serializes and encrypts the information to be sent and transmits the serialized and encrypted information to application E in terminal device 107; application E decrypts and deserializes the information it reads and displays the obtained original information.
The terminal devices 101, 103, 105, 107 may have various communication client applications installed, such as a web browser application, a search application, an instant messaging tool, a mailbox client, social platform software, etc. (for example only).
The terminal devices 101, 103, 105, 107 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop computers, desktop computers, and the like.
It should be noted that the data security processing method provided in the embodiment of the present invention is generally executed by the terminal devices 101, 103, 105, and 107, and accordingly, the data security processing apparatus may be respectively disposed in the terminal devices 101, 103, 105, and 107.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Fig. 3 is a schematic main flow chart of a data security processing method according to an embodiment of the present invention. As shown in fig. 3, the data security processing method may include the following steps:
Step S301: receiving a copy or transfer operation for data in an authorized first application;
Step S302: serializing and encrypting the data;
Step S303: providing the processed data to the application of the receiving party, so that the second application decrypts and deserializes the processed data when the application of the receiving party is an authorized second application, and the unauthorized application obtains the processed data when the application of the receiving party is an unauthorized application.
The "first" and the "second" of the first application and the second application are only used for distinguishing the application of the information provider from the application of the information receiver, and are not used for limiting the number of applications or the application sequence.
The authorized application refers to an application that can serialize and encrypt provided data and decrypt and deserialize received data.
The unauthorized application is an application that cannot decrypt and deserialize the serialized and encrypted data and cannot serialize and encrypt the data provided by the application.
The serialization of the data refers to the conversion of the data into binary, hexadecimal data or ASCII code by using a specific algorithm. The specific algorithm may be an existing algorithm.
The encryption process may be performed by using an existing encryption algorithm.
In addition, the step S302 may be implemented by encrypting data first and then serializing the encrypted data; alternatively, the data may be serialized first, and then the serialized data may be encrypted. The data is doubly encrypted through serialization and encryption processing, so that the safety of the data is effectively improved, and the risk of data cracking is reduced.
In the embodiment shown in fig. 3, after a copy or transfer operation for data in an authorized first application is received, the data is serialized and encrypted to ensure its security. When the processed data is subsequently provided to the application of the receiving party, an authorized second application can decrypt and deserialize it to display the normal data, whereas an unauthorized application obtains the processed data, that is, the encrypted and serialized data. Trusted applications can thus be authorized so that they can copy or transfer data among themselves, while untrusted applications cannot obtain data from the trusted applications, which effectively improves the security of copying or transferring application data.
In this embodiment of the present invention, the data security processing method may further include: when a copy operation for data in an authorized first application is received, copying the processed data to the clipboard of the operating system. Accordingly, providing the processed data to the application of the receiving party may be implemented as follows: when the application of the receiving party receives a paste operation, the processed data is obtained from the clipboard of the operating system and provided to the application of the receiving party. Copy and paste rely on the clipboard of the operating system, and the operating system can better ensure the security of the data, which further improves the security of the copied data.
In this embodiment of the present invention, the data security processing method may further include: according to a preset configuration policy, constructing and caching, for one or more applications, a proxy class and an interface for calling the proxy class, so that the cached proxy class is called through the interface for a copy operation or a transfer operation on data, wherein the proxy class comprises a serialization method and an encryption method, and an application that caches the proxy class and the interface for calling the proxy class is an authorized first application. Accordingly, serializing and encrypting the data may be implemented as follows: the data is serialized through the serialization method included in the proxy class, and the serialized data is encrypted through the encryption method. Because serialization and encryption are implemented through the proxy class, there is no need to intrude into the operating system or to root the operating system, which further improves data security.
In the embodiment of the present invention, the proxy class further includes a decryption method corresponding to the encryption method and a deserialization method corresponding to the serialization method, and an application that caches the proxy class and the interface for calling the proxy class is an authorized second application. Accordingly, the decryption and deserialization of the processed data by the second application may be implemented as follows: the decryption method and the deserialization method are called in sequence to decrypt and deserialize the processed data. This ensures that the data can be decrypted and read, and that the data is copied or transferred correctly.
In an embodiment of the present invention, the data security processing method may further include: setting a label on the fields in the processed data that are involved in the serialization and encryption processing. Accordingly, the decryption and deserialization of the processed data by the second application may be implemented as follows: the second application identifies the fields containing labels in the processed data, and decrypts and deserializes the identified fields. With the label in place, serialization and encryption can be applied to only part of the data, and the part that needs to be decrypted and deserialized is then determined from the label, which ensures the accuracy of the copied and transferred data obtained by an authorized application.
In the embodiment of the present invention, as shown in fig. 4, the data security processing method may further include the following steps:
Step S401: configuring a data management policy in the proxy class, wherein the data management policy indicates the data characteristics that need to be serialized;
Step S402: when a copy or transfer operation for data in an authorized first application is received, determining whether part or all of the data satisfies the data characteristics that the data management policy indicates need to be serialized; if so, performing step S403; otherwise, going to step S404;
Step S403: serializing and encrypting the data that satisfies the data characteristics, and ending the current flow;
Step S404: providing the data directly to the application of the receiving party.
Serializing only data that matches the configured data characteristics ensures the security of the data on the one hand, and effectively improves the efficiency of serialization and encryption on the other.
In the embodiment of the present invention, the operating system is an Android system. That is, the data security processing method provided by the application runs on an Android system and relies on the data copying and data transmission mechanisms provided by the Android system.
The following description will be made of a specific embodiment of the data security processing method, taking as an example a case where the user copies the information of the application a in the terminal apparatus 101 shown in fig. 1 to the application B and the application C, respectively. As shown in fig. 5, the data security processing method may include the following steps:
Step S501: according to a preset configuration policy, constructing and caching a proxy class and an interface for calling the proxy class for each of application A and application B in the terminal device;
The proxy class comprises a serialization method, an encryption method, a deserialization method corresponding to the serialization method and a decryption method corresponding to the encryption method. In addition, a data management policy is configured in the proxy class, wherein the data management policy indicates the data characteristics that need to be serialized; the data characteristics can be configured according to user requirements, for example, the data characteristics can be user identity information, a payment password of the user, business information of an enterprise and the like.
Application A and application B are authorized applications and application C is an unauthorized application.
Step S502: the user performs a copy operation on the data in application A;
Step S503: based on the data management policy configured in the proxy class, judging whether part or all of the data satisfies the data characteristics that the data management policy indicates need to be serialized; if so, executing step S504; otherwise, going to step S510;
Step S504: serializing the data through the serialization method included in the proxy class corresponding to application A, and encrypting the serialized data through the encryption method;
Step S505: setting a label on the fields in the processed data that are involved in the serialization and encryption processing;
Step S506: copying the processed data to the clipboard of the operating system, and executing step S507 and step S511 respectively;
Step S507: receiving a paste operation performed by the user on application B, obtaining the processed data from the clipboard of the operating system, and providing the processed data to application B;
Step S508: the proxy class of application B identifies the fields containing labels in the processed data, and the decryption method and the deserialization method of the proxy class of application B are called in sequence to decrypt and deserialize the identified fields; step S510 is then executed;
Step S509: the data is provided directly to application B.
Step S510: displaying the original data in application B, and ending the current flow;
Step S511: receiving a paste operation performed by the user on application C, obtaining the processed data from the clipboard of the operating system, and providing the processed data to application C;
Step S512: displaying the processed data in application C.
In addition, when the user copies the data from the application C and pastes the data into the application A or the application B, the application A and the application B directly display the data without decrypting and deserializing the data.
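The Fig. 5 copy-and-paste flow (steps S501 to S512) as a plain-Java sketch, added here and not taken from the patent: `DataProxy`, the `[[SEC:...]]` label format, the regex policy and AES-GCM with a key shared only among authorized applications are all assumptions, since the page specifies only existing algorithms, and the operating system clipboard is modelled as a `String`. Confidentiality rests on the encryption step; the serialization (UTF-8 bytes, then Base64 for transport) is an encoding only.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ClipboardProxyDemo {

    /** Hypothetical proxy class; names, label format and cipher choice are assumptions. */
    static final class DataProxy {
        private static final Pattern LABELED = Pattern.compile("\\[\\[SEC:([A-Za-z0-9_-]+)\\]\\]");
        private static final int NONCE_LEN = 12, TAG_BITS = 128;
        private final SecretKey key;    // assumed to be provisioned only to authorized apps
        private final Pattern policy;   // data management policy: features that need protection
        private final SecureRandom rng = new SecureRandom();

        DataProxy(SecretKey key, Pattern policy) {
            this.key = key;
            this.policy = policy;
        }

        /** Copy/send side (S503-S505): serialize, encrypt and label only the matching parts. */
        String protect(String data) throws GeneralSecurityException {
            Matcher m = policy.matcher(data);
            StringBuilder out = new StringBuilder();
            int last = 0;
            while (m.find()) {
                out.append(data, last, m.start());
                byte[] serialized = m.group().getBytes(StandardCharsets.UTF_8);
                out.append("[[SEC:").append(encrypt(serialized)).append("]]");
                last = m.end();
            }
            return out.append(data, last, data.length()).toString();
        }

        /** Paste/receive side (S508): decrypt and deserialize labeled fields, keep the rest. */
        String restore(String processed) {
            Matcher m = LABELED.matcher(processed);
            StringBuilder out = new StringBuilder();
            int last = 0;
            while (m.find()) {
                out.append(processed, last, m.start());
                try {
                    out.append(new String(decrypt(m.group(1)), StandardCharsets.UTF_8));
                } catch (GeneralSecurityException | IllegalArgumentException e) {
                    out.append(m.group()); // forged, truncated or foreign-key field stays as is
                }
                last = m.end();
            }
            return out.append(processed, last, processed.length()).toString();
        }

        private String encrypt(byte[] plain) throws GeneralSecurityException {
            byte[] nonce = new byte[NONCE_LEN];
            rng.nextBytes(nonce);       // fresh nonce per field; never reuse one under the same key
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
            byte[] ct = c.doFinal(plain);
            byte[] blob = Arrays.copyOf(nonce, NONCE_LEN + ct.length); // nonce || ciphertext+tag
            System.arraycopy(ct, 0, blob, NONCE_LEN, ct.length);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(blob);
        }

        private byte[] decrypt(String field) throws GeneralSecurityException {
            byte[] blob = Base64.getUrlDecoder().decode(field);
            if (blob.length < NONCE_LEN + TAG_BITS / 8) {
                throw new GeneralSecurityException("field too short");
            }
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN));
            return c.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN);
        }
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new IllegalStateException("check failed: " + what);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey shared = kg.generateKey();
        Pattern policy = Pattern.compile("\\b\\d{16}\\b");    // constructed feature: 16-digit number
        DataProxy appA = new DataProxy(shared, policy);       // authorized first application
        DataProxy appB = new DataProxy(shared, policy);       // authorized second application
        DataProxy otherKey = new DataProxy(kg.generateKey(), policy); // proxy without the shared key

        String original = "Order 7731 paid with card 4000123412341234, ship Monday"; // constructed
        String clipboard = appA.protect(original);            // S506: what reaches the clipboard

        System.out.println("clipboard / app C: " + clipboard);   // S512: app C has no proxy
        System.out.println("app B            : " + appB.restore(clipboard));
        check(!clipboard.contains("4000123412341234"), "sensitive field must not be in clear");
        check(clipboard.startsWith("Order 7731 paid with card [[SEC:"), "rest stays readable");
        check(appB.restore(clipboard).equals(original), "authorized paste restores original");
        check(otherKey.restore(clipboard).equals(clipboard), "wrong key leaves field untouched");
        check(appB.restore("copied from app C").equals("copied from app C"), "plain text passes");
    }
}
```

The label exposes which fields were protected and roughly how long they are, which an unauthorized receiver can still observe.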
A specific embodiment of the data security processing method will be described below by taking an example in which the user transfers the information of the application D in the terminal apparatus 105 shown in fig. 2 to the application E in the terminal apparatus 107. As shown in fig. 6, the data security processing method may include the following steps:
Step S601: according to a preset configuration policy, constructing and caching a proxy class and an interface for calling the proxy class for each of application D and application E;
The proxy class includes a serialization method, an encryption method, a deserialization method corresponding to the serialization method, and a decryption method corresponding to the encryption method. In addition, a data management policy is configured in the proxy class, wherein the data management policy indicates the data characteristics that need to be serialized; the data characteristics can be configured according to user requirements, for example, the data characteristics can be user identity information, a payment password of the user, business information of an enterprise and the like.
Application D and application E are authorized applications.
Step S602: the user sends the data in application D to application E of the user;
Step S603: based on the data management policy configured in the proxy class, judging whether part or all of the data satisfies the data characteristics that the data management policy indicates need to be serialized; if so, executing step S604; otherwise, going to step S609;
Step S604: serializing the data through the serialization method included in the proxy class corresponding to application D, and encrypting the serialized data through the encryption method;
Step S605: setting a label on the fields in the processed data that are involved in the serialization and encryption processing;
Step S606: sending the processed data to application E of the user;
Step S607: the proxy class of application E identifies the fields containing labels in the processed data, and the decryption method and the deserialization method of the proxy class of application E are called in sequence to decrypt and deserialize the identified fields;
Step S608: displaying the original data in application E, and ending the current flow;
Step S609: the data is provided directly to application E, which displays the data.
That is, information without a label is not decrypted or deserialized; the label identifies the part of the information that was encrypted and serialized, which guarantees the accuracy of the data to which decryption and deserialization are applied.
As shown in fig. 7, an embodiment of the present invention provides a data security processing apparatus 700, where the data security processing apparatus 700 may include: a receiving unit 701, a processing unit 702, and a providing unit 703, wherein,
a receiving unit 701, configured to receive a copy or transfer operation for data in an authorized first application;
a processing unit 702, configured to perform serialization and encryption processing on data;
a providing unit 703, configured to provide the processed data to the application of the receiving party, enabling the second application to decrypt and deserialize the processed data when the application of the receiving party is an authorized second application, and enabling the unauthorized application to acquire the processed data when the application of the receiving party is an unauthorized application.
In this embodiment of the present invention, the processing unit 702 is further configured to, when a copy operation for data in an authorized first application is received, copy the processed data into the clipboard of the operating system;
the providing unit 703 is further configured to, when the application of the receiving party receives the paste operation, obtain the processed data from the clipboard of the operating system, and provide the processed data to the application of the receiving party.
In this embodiment of the present invention, the processing unit 702 is further configured to construct and cache, for one or more applications and according to a preset configuration policy, an agent class and an interface for calling the agent class, so that the cached agent class is called through the interface for a data copy operation or a data transmission operation, where the agent class includes a serialization method and an encryption method, and an application in which the agent class and the interface for calling the agent class are cached is an authorized first application; and to serialize the data through the serialization method included in the proxy class and encrypt the serialized data through the encryption method.
In this embodiment of the present invention, the proxy class constructed by the processing unit 702 further includes a decryption method corresponding to the encryption method and a deserialization method corresponding to the serialization method, and an application in which the proxy class and the interface for calling the proxy class are cached is the authorized second application; the processing unit 702 is further configured to sequentially invoke the decryption method and the deserialization method to decrypt and deserialize the processed data.
In this embodiment of the present invention, the processing unit 702 is further configured to set a tag for a field related to serialization and encryption processing in the processed data.
In this embodiment of the present invention, the processing unit 702 is further configured to configure a data management policy in the proxy class, where the data management policy indicates the data characteristics that need to be serialized; and to judge whether part or all of the data meets the data characteristics that the data management policy indicates need to be serialized, and if so, to serialize and encrypt the data meeting those data characteristics; otherwise, the data is provided directly to the application of the receiving party through the providing unit 703.
Referring now to FIG. 8, shown is a block diagram of a computer system 800 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in FIG. 8 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiments of the present invention.
As shown in FIG. 8, the computer system 800 includes a Central Processing Unit (CPU) 801 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data necessary for the operation of the system 800 are also stored. The CPU 801, ROM 802, and RAM 803 are connected to each other via a bus 804. An input/output (I/O) interface 805 is also connected to bus 804.
The following components are connected to the I/O interface 805: an input section 806 including a keyboard, a mouse, and the like; an output section 807 including a display such as a Cathode Ray Tube (CRT) or a Liquid Crystal Display (LCD), and a speaker; a storage section 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is installed into the storage section 808 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. The computer program executes the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 801.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present invention, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software or hardware. The described units may also be provided in a processor, which may be described as: a processor includes a receiving unit, a processing unit, and a providing unit. The names of these units do not, in some cases, constitute a limitation on the units themselves; for example, a receiving unit may also be described as a "unit that receives a copy or transfer operation for data in an authorized first application".
As another aspect, the present invention also provides a computer-readable medium, which may be contained in the apparatus described in the above embodiments, or may exist separately without being incorporated into the apparatus. The computer-readable medium carries one or more programs which, when executed by a device, cause the device to perform: receiving a copy or transfer operation for data in an authorized first application; serializing and encrypting the data; and providing the processed data to the application of the receiving party, enabling the second application to decrypt and deserialize the processed data when the application of the receiving party is an authorized second application, and enabling the unauthorized application to acquire the processed data when the application of the receiving party is an unauthorized application.
According to the technical solution of the embodiments of the present invention, after a copy or transmission operation is received for data in an authorized first application, the data is serialized and encrypted to ensure its security. After the processed data is provided to the application of the receiving party, if that application is an authorized second application, the authorized second application can decrypt and deserialize the processed data and display the normal data; if that application is an unauthorized application, the unauthorized application obtains the processed data, that is, the encrypted and serialized data. Trusted applications can thus be authorized so that they can copy or transmit data between one another, while untrusted applications cannot obtain the data from trusted applications, which effectively improves the security of copying or transmitting data between applications.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A data security processing method is characterized by comprising the following steps:
receiving a copy or transfer operation for data in an authorized first application;
serializing and encrypting the data;
and providing the processed data to an application of a receiving party, enabling the second application to perform decryption and deserialization processing on the processed data under the condition that the application of the receiving party is an authorized second application, and enabling the unauthorized application to acquire the processed data under the condition that the application of the receiving party is an unauthorized application.
2. The data security processing method according to claim 1,
further comprising: in the case of receiving a copy operation for data in an authorized first application, copying the processed data into a clipboard of an operating system;
the providing the processed data to the application of the receiving party comprises: in the case that the application of the receiving party receives a paste operation, acquiring the processed data from the clipboard of the operating system, and providing the processed data to the application of the receiving party.
3. The data security processing method according to claim 1, further comprising:
according to a preset configuration policy, constructing and caching, for one or more applications, an agent class and an interface for calling the agent class, so as to call the cached agent class through the interface for a copy operation or a transmission operation on data, wherein the agent class comprises a serialization method and an encryption method, and an application in which the agent class and the interface for calling the agent class are cached is the authorized first application;
the serializing and encrypting the data comprises: serializing the data through the serialization method included in the proxy class, and encrypting the serialized data through the encryption method.
4. The data security processing method according to claim 3, wherein the proxy class further includes a decryption method corresponding to the encryption method and a deserialization method corresponding to the serialization method, and an application in which the proxy class and the interface for calling the proxy class are cached is the authorized second application;
the second application performing decryption and deserialization processing on the processed data comprises:
sequentially calling the decryption method and the deserialization method to decrypt and deserialize the processed data.
5. The data security processing method according to claim 1,
further comprising: setting a label for fields related to serialization and encryption processing in the processed data;
the second application performing decryption and deserialization processing on the processed data comprises: the second application identifying fields containing labels in the processed data, and decrypting and deserializing the identified fields containing the labels.
6. The data security processing method according to claim 3, further comprising: configuring a data management policy in the agent class, wherein the data management policy indicates data characteristics that need to be serialized;
in the case of receiving a copy or transmission operation for data in an authorized first application, judging whether part or all of the data meets the data characteristics that the data management policy indicates need to be serialized, and if so, serializing and encrypting the data meeting the data characteristics; otherwise, providing the data directly to the application of the receiving party.
7. The data security processing method according to claim 2, wherein the operating system is an Android system.
8. A data security processing apparatus, comprising: a receiving unit, a processing unit and a providing unit, wherein,
the receiving unit is used for receiving a copying or transmission operation aiming at data in an authorized first application;
the processing unit is used for carrying out serialization and encryption processing on the data;
the providing unit is configured to provide the processed data to an application of a receiving party, enable the second application to perform decryption and deserialization on the processed data when the application of the receiving party is an authorized second application, and enable the unauthorized application to acquire the processed data when the application of the receiving party is an unauthorized application.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method recited in any of claims 1-7.
10. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211010532.4A CN115459964A (en) 2022-08-23 2022-08-23 Data security processing method and device


Publications (1)

Publication Number Publication Date
CN115459964A true CN115459964A (en) 2022-12-09

Family

ID=84299489


Country Status (1)

Country Link
CN (1) CN115459964A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination